Skip to main content

Apple QuickTime Multiple Remote Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 11 Sep 2008 5465 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system.

1. Due to an uninitialized memory access in the third-party Indeo v5 codec (not shipped with QuickTime), which could be exploited to execute arbitrary code via a specially crafted movie file.

2. Due to a stack overflow error in the third-party Indeo v3.2 codec, which could be exploited to execute arbitrary code via a specially crafted movie file.

3. Due to a heap overflow error when handling panorama atoms in QTVR (QuickTime Virtual Reality) movie files, which could be exploited by attackers to execute arbitrary code.

4. Due to a stack overflow error when handling panorama atoms in QTVR (QuickTime Virtual Reality) movie files, which could be exploited by attackers to execute arbitrary code.

5. Due to an integer overflow error when handling malformed PICT images, which could allow attackers to compromise a vulnerable system via a malicious image.

6. Due to a memory corruption error when handling STSZ atoms in movie files, which could allow attackers to compromise a vulnerable system via a malicious movie file.

7. Due to a memory corruption errors when handling H.264 encoded movie files, which could be exploited by attackers to execute arbitrary code.

8. Due to an invalid pointer error when handling PICT images, which could be exploited by attackers to execute arbitrary code.

9. Due to an out-of-bounds read error when handling PICT images, which could be exploited to cause a denial of service.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Apple QuickTime versions prior to 7.5.5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Apple QuickTime version 7.5.5 for Windows :
http://www.apple.com/support/downloads/quicktime755forwindows.html

Upgrade to Apple QuickTime version 7.5.5 for Leopard :
http://www.apple.com/support/downloads/quicktime755forleopard.html

Upgrade to Apple QuickTime version 7.5.5 for Tiger :
http://www.apple.com/support/downloads/quicktime755fortiger.html


Vulnerability Identifier


Source


Related Link